Commit 669f6792 authored by Geremy Condra's avatar Geremy Condra Committed by Gerrit Code Review

Merge "mediaserver.te refactor"

parents eeafabde 4e030c2a
...@@ -2,19 +2,23 @@ ...@@ -2,19 +2,23 @@
type mediaserver, domain; type mediaserver, domain;
type mediaserver_exec, exec_type, file_type; type mediaserver_exec, exec_type, file_type;
typeattribute mediaserver mlstrustedsubject;
net_domain(mediaserver)
init_daemon_domain(mediaserver) init_daemon_domain(mediaserver)
unix_socket_connect(mediaserver, property, init) unix_socket_connect(mediaserver, property, init)
net_domain(mediaserver)
typeattribute mediaserver mlstrustedsubject; r_dir_file(mediaserver, sdcard)
allow mediaserver kernel:system module_request;
binder_use(mediaserver) binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain) binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain) binder_call(mediaserver, appdomain)
binder_transfer(mediaserver, surfaceflinger) binder_transfer(mediaserver, surfaceflinger)
binder_service(mediaserver) binder_service(mediaserver)
allow mediaserver kernel:system module_request;
allow mediaserver app_data_file:dir search; allow mediaserver app_data_file:dir search;
allow mediaserver app_data_file:file r_file_perms; allow mediaserver app_data_file:file r_file_perms;
r_dir_file(mediaserver, sdcard)
allow mediaserver sdcard:file write; allow mediaserver sdcard:file write;
allow mediaserver camera_device:chr_file rw_file_perms; allow mediaserver camera_device:chr_file rw_file_perms;
allow mediaserver graphics_device:chr_file rw_file_perms; allow mediaserver graphics_device:chr_file rw_file_perms;
...@@ -22,8 +26,12 @@ allow mediaserver video_device:chr_file rw_file_perms; ...@@ -22,8 +26,12 @@ allow mediaserver video_device:chr_file rw_file_perms;
allow mediaserver audio_device:dir r_dir_perms; allow mediaserver audio_device:dir r_dir_perms;
allow mediaserver audio_device:chr_file rw_file_perms; allow mediaserver audio_device:chr_file rw_file_perms;
allow mediaserver qemu_device:chr_file rw_file_perms; allow mediaserver qemu_device:chr_file rw_file_perms;
allow mediaserver tee_device:chr_file rw_file_perms;
allow mediaserver audio_prop:property_service set;
# XXX Label with a specific type? # XXX Label with a specific type?
allow mediaserver sysfs:file rw_file_perms; allow mediaserver sysfs:file rw_file_perms;
# XXX Why? # XXX Why?
allow mediaserver apk_data_file:file { read getattr }; allow mediaserver apk_data_file:file { read getattr };
...@@ -40,8 +48,6 @@ allow mediaserver camera_calibration_file:file r_file_perms; ...@@ -40,8 +48,6 @@ allow mediaserver camera_calibration_file:file r_file_perms;
# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid # Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
allow mediaserver qtaguid_proc:file rw_file_perms; allow mediaserver qtaguid_proc:file rw_file_perms;
allow mediaserver qtaguid_device:chr_file r_file_perms; allow mediaserver qtaguid_device:chr_file r_file_perms;
# Allow abstract socket connection # Allow abstract socket connection
allow mediaserver rild:unix_stream_socket connectto; allow mediaserver rild:unix_stream_socket connectto;
allow mediaserver tee_device:chr_file rw_file_perms;
allow mediaserver audio_prop:property_service set;
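Review bot: `allow mediaserver kernel:system module_request;` is repositioned in the first hunk but still has no comment saying which module autoload mediaserver depends on, unlike the neighbouring `# XXX` notes on the sysfs and apk_data_file rules. Because mediaserver parses untrusted media and this permission lets the domain trigger kernel module loading, I would add a line above it such as `# XXX Why? Document which module load this covers, or drop.` The same applies to the `tee_device` and `audio_prop` rules that the second hunk moves into the device block. The rendered view has lost the +/- markers, so which copy of each moved line is the new one is inferred from the hunk headers.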